Nowadays a name synonymous with privacy scandals, Facebook, did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, a statement by the social media giant showed Wednesday. According to a company spokesperson, it also does not currently have plans to do so.
Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said in a blog post Tuesday that "malicious actors" had obtained the data prior to September 2019 by "scraping" profiles using a vulnerability in the platform's tool for synching contacts.
The Facebook spokesperson said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available, in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time.
The scraped information did not include financial information, health information or passwords, Facebook said. However, the collated data could provide valuable information for hacks or other abuses.
Facebook, which has long been under scrutiny over how it handles user privacy, in 2019, reached a landmark settlement with the United States Federal Trade Commission (FTC) over its investigation into allegations the company misused user data.
Ireland's Data Protection Commission, the European Union's lead regulator for Facebook, said on Tuesday it had contacted the company about the data leak. It said it received "no proactive communication from Facebook" but was now in contact.
The July 2019 FTC settlement requires Facebook to report details about unauthorized access to data on 500 or more users within 30 days of confirming an incident.
The Facebook spokesperson declined to comment on the company's conversations with regulators but said it was in contact to answer their questions.
Meanwhile, Turkey has sought an explanation from Facebook over the massive data leak.
Personal data of more than half a billion Facebook users reemerged online after it was leaked by hackers for free Saturday. The information from 106 countries included everything from phone numbers, Facebook IDs, full names to locations, birthdates and email addresses.
The leaked data included records of around 20 million users in Turkey, in addition to 32 million from the U.S. and 11 million from the United Kingdom.
The information appears to be several years old but is another example of the vast amount of data Facebook and other social media platforms collect, and the limits to how secure that data is.